package com.kaifamiao.demo.d0905;

import java.sql.*;

public class Demo01 {

    public static void main(String[] args) {
        // 创建 Scanner 对象
//        Scanner in = new Scanner(System.in);
//        System.out.println("请输入用户名：");
//        String u = in.nextLine();
//        System.out.println("请输入密码：");
//        String p = in.nextLine();
//
//        if (login(u, p)) {
//            System.out.println("登录成功");
//        } else {
//            System.out.println("用户名或密码错误");
//        }

        String u = "admin";
        String p = "admin ' or 1 = '1 ";
        // SELECT id, username, password, createDate FROM USERS WHERE username = 'admin' and password = 'admin ' or 1 = '1 '
        // SELECT id, username, password, createDate FROM USERS WHERE username = 'admin' and password = ''
//        if (login1(u, p)) {
//            System.out.println("登录成功");
//        } else {
//            System.out.println("用户名或密码错误");
//        }

        test();
    }

    public static void test(){
        try {
            // 加载驱动类，注册驱动
            Class.forName("com.mysql.cj.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/kfm";
            String user = "root";
            String password = "";

            // 创建数据库连接
            Connection connection = DriverManager.getConnection(url, user, password);
            // 创建 prepareStatement 对象, 参数使用 ? 占位
            String sql = "SELECT id, username, password, createDate FROM USERS WHERE id = ?";
            PreparedStatement preparedStatement = connection.prepareStatement(sql);

            // 设置参数， 替换 sql 中的 ?. 类型转换
            preparedStatement.setObject(1, "2");
            System.out.println(sql);

            // 执行 SQL
            ResultSet resultSet = preparedStatement.executeQuery();

            System.out.println(resultSet);

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    public static boolean login1(String u, String p){
        try {
            // 加载驱动类，注册驱动
            Class.forName("com.mysql.cj.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/kfm";
            String user = "root";
            String password = "";

            // 创建数据库连接
            Connection connection = DriverManager.getConnection(url, user, password);
            // 创建 prepareStatement 对象, 参数使用 ? 占位
            String sql = "SELECT id, username, password, createDate FROM USERS WHERE username = ? and password = ?";
            PreparedStatement preparedStatement = connection.prepareStatement(sql);

            // 设置参数， 替换 sql 中的 ?. 类型转换
            preparedStatement.setString(1, u);
            preparedStatement.setString(2, p);
            System.out.println(sql);

            // 执行 SQL
            ResultSet resultSet = preparedStatement.executeQuery();

            preparedStatement.setString(1, "abc");
            preparedStatement.setString(1, "efg");

            preparedStatement.executeQuery();
            // 解析结果集
            return resultSet.next();

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return false;
    }

    public static boolean login(String u, String p){
        try {
            // 加载驱动类，注册驱动
            Class.forName("com.mysql.cj.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/kfm";
            String user = "root";
            String password = "";

            // 创建数据库连接
            Connection connection = DriverManager.getConnection(url, user, password);
            // 创建 Statement 对象
            Statement statement = connection.createStatement();

            // 执行 SQL
            String sql = "SELECT id, username, password, createDate FROM USERS WHERE username = '" + u + "' and password = '" + p + "'";
            System.out.println(sql);

            ResultSet resultSet = statement.executeQuery(sql);

            // 解析结果集
            return resultSet.next();

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return false;
    }
}
